Return-Path: []@mail.webcompany.today> Received: from clara.webcompany.today ([2.58.148.79]) by [] (8.14.7/8.14.7) with ESMTP id [] for []; Mon, 1 Nov 2021 06:[]:[] -0400 Authentication-Results: [] DKIM-Signature: [] DomainKey-Signature: [] Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="[]" Date: Mon, 1 Nov 2021 11:[]:[] +0100 From: "Tinnitus Repair" <hearingloss@webcompany.today> Reply-To: "Destroy Tinnitus" <hearingloss@webcompany.today> Subject: Military Trick To Fix Tinnitus To: []… Read more: Snowshoe spam domain hosting
Author: blog
Malware botnet controller @51.79.119.231
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.79.119.231 on port 13371 TCP: $ telnet 51.79.119.231 13371 Trying 51.79.119.231… Connected to 51.79.119.231. Escape character…
Loki botnet controller @172.67.190.175
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.190.175 on port 80 (using HTTP POST): hXXp://gervenez.xyz/five/fre.php $ dig +short gervenez.xyz 172.67.190.175 Other malicious domain names hosted on this IP address:…
Malware botnet controller @94.250.255.5
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 94.250.255.5 on port 80 (using HTTP GET): hXXp://94.250.255.5/verify.php $ nslookup 94.250.255.5 pqhostingsadasd.fvds.ru Referencing malware binaries (MD5 hash): 3f76daa90a82c76be66b0b9868c97b01 — AV detection: 48/71…
spam emitter @143.198.55.119
Received: from zmbekg.nosaj.com (143.198.55.119) From: Anna Freuler<reply@lidl.ru!>;<service@stayfriends.de> Subject: [], Heute schenken wir unseren Kunden einen 500€ Rewe-Gutschein Date: Mon, 01 Nov 2021 03:3x:xx +0000
spam emitters
Received: from s7.megojom.ru (megojom.ru [79.141.68.234]) Date: Sun, 31 Oct 2021 23:2x:xx +0000 From: Alex <info@s7.megojom.ru> Subject: Ответьте на предложение (Respond to the offer) 79.141.68.234 megojom.ru 79.141.68.235 tefalongo.ru 79.141.68.236 eseneno.ru 79.141.68.237 raferenco.ru 79.141.68.238 grehemon.ru
Malware botnet controllers @45.8.124.233
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.8.124.233 on port 443: $ telnet 45.8.124.233 443 Trying 45.8.124.233… Connected to 45.8.124.233. Escape character is…
Malware / Botnet / Phishing hosting server @82.202.194.9
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 82.202.194.9 on port…
spam source
Spam source. ======================================================================= Received: from songlyrics.com (unknown [85.208.208.107]) by x (Postfix) with ESMTP id x for <x>; Mon, 25 Oct 2021 xx:xx:xx +0200 (CEST) From: B i t c o i n <contact@grahamrfarren.com> Subject: B i t c o i n👑 success, easier than the stock market To: x Content-Type: text/html Content-Transfer-Encoding: amazonses.com Date: Mon,…
phish source at librem.one
Server emitting phish spam to steal access credentials, probably thanks to a compromised password. Problem started around Thu, 28 Oct 2021 23:30 UTC, still going on on Sun, 31 Oct 2021. The compromised machine appears to be 192.241.214.14, but the spam is delivered through 138.201.176.89. mx1.librem.one. 300 IN A 138.201.176.94 (source is .89) smtp.librem.one. 300…